Paytm, Freecharge, BHIM, etc have serious privacy concerns. Here are the details

Since demonetisation, digital payments have surged as more and more Indians are paying through online methods and digital wallets.

However, whenever we talk about online transactions, we cannot ignore cyber security and cyber crimes.

Worldwide, there have been many cases of cyber crime in which hackers breached security and made transactions.

In the Indian context, digital payments are also prone to such risks. A study conducted by the Centre for Software and IT Management (CSITM) at the Indian Institute of Management Bangalore focuses on the risks associated with Indian mobile-phone-based payment systems.

The study found that many popular apps, such as Paytm, Freecharge, BHIM, etc., were not secure.


The experiments were conducted with five popular mobile payment systems, in four broad categories – wallets (Paytm, Freecharge), direct link with the user’s bank (BHIM), a specific bank’s app for account holders (iMobile by ICICI Bank), and the basic USSD service (dialing *99#).

Prof. Rahul De, Chairperson, CSITM, and faculty in the Decision Sciences and Information Systems area at IIM Bangalore, said the study found serious privacy concerns with all the services studied. For instance, while in many apps like Freecharge, the wallets are not directly linked to third-party vendors (such as Uber or BigBasket), apps such as Paytm allow for automatic linkage with the vendors, and the vendors can automatically deduct amounts without the explicit consent of the user.

As per the study, a recurring security concern was that many of the apps, such as Paytm and Freecharge, do not automatically log users out, and anyone with access to the phone can make financial transactions through these apps.

This risk is highest if the user loses or misplaces her/his mobile phone, and higher still if the phone is unlocked or unprotected. However, apps such as iMobile and BHIM have auto-logout/session time-out features.

“We also observed inadequate management of the transactions and no evidence of systematic analysis of transaction patterns. The lack of these features is a potential security violation. However, even while we were conducting the study, we observed that the features of the apps and services were constantly evolving and changing,” said Prof. De.